-
Bug
-
Resolution: Won't Do
-
Normal
-
None
-
4.15
-
None
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description
While testing https://issues.redhat.com/browse/OCPBUGS-76614 , I found that sometimes
MIN_TLS_VERSION and CIPHER Version templated strings are left as it is and this casues kube-rbace-proxy to crashloop:
494 │ \- containerID: cri\-o://29e07a1d588a4df076e9751c868234e9b462832a5d38f3f94ba861e4ffd123ef
495 │ image: registry.redhat.io/openshift4/ose\-kube\-rbac\-proxy\-rhel9@sha256:d887865ef3f02e69de8e9a95ec6504a29fcd3a32bef934d73b8f29684dbb9b95
496 │ imageID: registry.redhat.io/openshift4/ose\-kube\-rbac\-proxy\-rhel9@sha256:cb2014728aa54e620f65424402b14c5247016734a9a982c393dc011acb1a1f52
497 │ lastState:
498 │ terminated:
499 │ containerID: cri\-o://29e07a1d588a4df076e9751c868234e9b462832a5d38f3f94ba861e4ffd123ef
500 │ exitCode: 1
501 │ finishedAt: "2026\-02\-17T16:19:46Z"
502 │ message: "W0217 16:19:46.124304 1 deprecated.go:66\] \n==== Removed Flag
503 │ Warning ======================\n\nlogtostderr is removed in the k8s upstream
504 │ and has no effect any more.\n\n===============================================\n\t\t\nI0217
505 │ 16:19:46.125009 1 kube\-rbac\-proxy.go:233\] Valid token audiences: \nI0217
506 │ 16:19:46.126075 1 kube\-rbac\-proxy.go:347\] Reading certificate files\nE0217
507 │ 16:19:46.126299 1 run.go:72\] \"command failed\" err=\"TLS version
508 │ invalid: unknown tls version \\"${TLS\_MIN\_VERSION}\\"\"\n"
509 │ reason: Error
510 │ startedAt: "2026\-02\-17T16:19:46Z"
Steps to Reproduce
Install ocp-4.14 and install gcpfilestore and then upgrade the operator to 4.18
Expected Result
Operator should upgrade successfully
Actual Result
Operator upgrade gets stuck because of kube-rbac-proxy crashlooping.